Intrusion detection: Systems and models

Proceedings of the Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, WETICE

Volumn 2002-January, Issue , 2002, Pages 115-133

  Sherif, J S ^a,b   Dearmond, T G ^a  

^a CALIFORNIA INSTITUTE OF TECHNOLOGY   (United States)

^b CALIFORNIA STATE UNIVERSITY   (United States)

Author keywords

Books; Collaborative software; Computer hacking; Computer security; Control systems; Data security; Intrusion detection; Military computing; Network servers; Time sharing computer systems

Indexed keywords

COMPUTER CONTROL SYSTEMS; COMPUTER CRIME; COMPUTER NETWORKS; CONTROL SYSTEMS; GROUPWARE; MERCURY (METAL); NETWORK SECURITY; PERSONAL COMPUTING; SECURITY OF DATA; SECURITY SYSTEMS; TIME SHARING SYSTEMS;

BOOKS; COLLABORATIVE SOFTWARES; COMPUTER HACKING; MILITARY COMPUTING; NETWORK SERVER; TIME-SHARING;

INTRUSION DETECTION;

EID: 81855175691     PISSN: 15244547     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ENABL.2002.1029998     Document Type: Conference Paper

References (208)

1. Allen, J., Christie, A., Fithin, W., McHugh, J., Pickel, J., and E. Stoner, "State of the Practice of Intrusion Detection Technologies." (CMU/SEI-99/TR-028). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2000.
2. Amoroso, E.G. "Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps and Response." Intrusion.net, 1999.
3. Anderson, D.; Frivold, T.; and A. Valdes, "Next-generation Intrusion Detection Expert System (NIDES)", Technical report, SRI-CSL-95-07, SRI International, Computer Science Lab, 1995.
4. Anderson, R. and A. Khattak, "The Use of Information Retrieval Techniques for Intrusion Detection", Proceedings of RAID, Louvain-la-Neuve, Belgium, 1998.
5. Anderson, R. "Liability and Computer Security: Nine Principles." Third European Symposium on Research in Computer Security, Brighton, U.K., November 1994.
6. Anderson. J. P. "Computer Security Threat Monitoring and Surveillance." Technical Report, James P Anderson Co., Fort Washington, Pennsylvania, 1980.
7. Apap, F., A. Honig, S. Hershkop, E. Eskin, and S. Stolfo. "Detecting malicious software by monitoring anomalous windows registry accesses." Technical report, CUCS, 2001.
8. Autonomous Agents. Technical Report CSD-TR-95-022, Department of Computer Sciences, Purdue University, 1995.
9. Axelsson, S., "On a Difficulty of Intrusion Detection." Proc. of the Second International Workshop on Recent Advances in Intrusion Detection, W. Lafayette, IN, 1999.
10. Bace, Rebecca, "Intrusion Detection." Macmillan Tech. Pub. Indianapolis, IN, 2000.
11. Bace, Rebecca, "A New Look at Perpetrators of Computer Crime." Proc. Sixteenth Department of Energy Computer Security Group Conference, Denver, CO, 1994.
12. Balasubramaniyan, J.S., J. O. Garcia-Fernandez, D. Isacoff, E.H. Spafford, and D. Zamboni. "An Architecture for Intrusion Detection Using Autonomous Agents." COAST technical report 98/05, Purdue University, W. Lafayette, IN, 1998.
13. Bauer, D. and M.E. Koblentz. "NIDX - An Expert System for Real-Time Network Intrusion Detection." Proceedings of the IEEE Computer Networking Symposium, New York, NY, 98-106, 1998.
14. Bishop, M., "A Standard Audit Log Format." Proceedings of the 1995 National Information Systems Security Conference, Baltimore, MD, 1995.
15. Bishop, M., "Vulnerabilities Analysis: Extended Abstract." Proceedings of the Second International Workshop on Recent Advances in Intrusion Detection, W. Lafayette, IN, 1999.
16. Bishop, M. "A Model of Security Monitoring." Proceedings of the Fifth Annual Computer Security Applications Conference, Tucson, AZ, 1989.
17. Blain, L. and Y. Deswarte. "An Intrusion-Tolerant Security Server for an Open Distributed System." Proceedings of the European Symposium on Research in Computer Security, Toulouse, France, 1990.
18. Brentano, J. "An Expert System for Detecting Attacks on Distributed Computer Systems." Master thesis, Division of Computer Science, University of California, Davis, CA, March 1991.
19. Carnegie Mellon Software Engineering Institute, "State of the Practice of Intrusion Detection Technologies," Technical Report, CMU/SEI-99-TR-028, ECS-99-028, 2000.
20. Carrettoni, F., S. Castano, G. Martella, and P. Samarati. "RETISS: A Real Time Security System for Threat Detection Using Fuzzy Logic." Proceedings of the Twenty-Fifth Annual IEEE International Carnahan Conference on Security Technology, Taipei, Taiwan, 1991.
21. Cedex, CS. Genetic Algorithms, an Alternative Tool for Security Audit Trails Analysis. Lodovic Me, SUPELEC, France, 1993.
22. Cheung, S., R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, J. Rowe, S. Staniford-Chen, R. Yip, and D. Zerkle. "The Design of GrIDS: A Graph-Based Intrusion Detection System." University of California, Davis, Computer Science Department technical report CSE-99-2, 1999.
23. Cheung, S. and K. N. Levitt. "Protecting Routing Infrastructures from Denial of Service Using Cooperative Intrusion Detection." Proceedings New Security Paradigms Workshop, Cumbria, U.K., 1997.
24. Corbitt, T. "The Computer Misuse Act," Computer Fraud and Security Bulletin, 13-17, 1994.
25. Crosbie, M. "Applying Genetic Programming to Intrusion Detection." Proceedings of AAAI Fall Symposium on Genetic Programming, San Jose, CA, 1995.
26. Crosbie, M. and E. Spafford. Defending a Computer System Using Autonomous Agents." Proceedings of the Eighteenth National Information Systems Security Conference, Baltimore, MD, 1995.
27. Debar, H., M. Becker, and D. Siboni. "A Neural Network Component for an Intrusion Detection System." Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA 1992.
28. Debar, H., M. Ludovic, and S. Felix Wu (eds.), "Recent Advances in Intrusion Detection," Third International Workshop, Raid 2000, Toulouse, France. Springer Verlag, 2000.
29. DeDios, P., R. El-Khalil, K. Sarantakos, M. Miller, E. Eskin, W. Lee, and S. Stolfo. "Heuristic audit of network traffic: A data mining-based approach to network intrusion detection." Technical report, Columbia University, CUCS, 2001.
30. Denmac Systems "Network Based Intrusion Detection," Denmac Systems, Inc., 1999.
31. Denning, D. and P. Neumann. Requirements and Model for IDES - A Real-Time Intrusion Detection Expert System, Final Report, Computer Science Laboratory, SRI International, 1985
32. Denning, D. "An Intrusion Detection Model." IEEE Transactions on Software Engineering, 13, 2, 222-232, 1967.
33. Denning, D., D. Edwards, R. Jagannathan, T. Lunt, P. Neumann. "A Prototype IDES: A Real-Time Intrusion Detection Expert System." Computer Science Laboratory, SRI International, 1987.
34. Dias, G., K.N. Levitt, and B. Mukherjee. "Modeling Attacks on Computer Systems: Evaluating Vulnerabilities and Forming a Basis for Attack Detection." SRI Intrusion Detection Workshop, Menlo Park, CA, 1990.
35. Didier, S., and R. Molva, "IDAMN: An Intrusion Detection Architecture for Mobile Networks", IEEE Journal on Selected Areas in Communications, 15, 7, 1997.
36. Doak, J., "Intrusion Detection: The Application of Feature Selection, a Comparison of Algorithms, and the Application of a Network Analyzer." Master thesis, University of California, Davis, CA, 1992.
37. Dowell, C. and P. Ramstedt. "The Computer watch Data Reduction Tool." Proceedings of the Thirteenth National Computer Security Conference, Washington, DC, 1990.
38. Dunigan, T. and Hinkel, G. "Intrusion Detection and Intrusion Prevention on a Large Network: A Case Study." Proceedings 1st Workshop on Intrusion Detection and Network Monitoring. Santa Clara, CA 1999.
39. Enterasys Networks, "Intrusion Detection System: Hackers Are Getting Smarter". Enterasys Networks. 2001
40. Escamilla, T. "Intrusion Detection: Network Security Beyond the Firewall." John Wiley and Sons, 1998.
41. Eskin, E. "Anomaly detection over noisy data using learned probability distributions." In Proceedings of ICML 2000, Menlo Park, CA, 2000.
42. Eskin, E., A. Arnold, M. Prerau, L. Portnoy, and S. Stolfo. "A geometric framework for unsupervised anomaly detection: Detecting intrusions in unlabeled data." Technical report, CUCS, 2002.
43. th ACM Conference on Computer Security, 2001.
44. Eskin, E., W. Lee, and S. Stolfo. Modeling system calls for intrusion detection with dynamic window sizes. In Proceedings of DARPA Information Survivability Conference and Exposition II (DISCEX II), Anaheim, CA, 2001.
45. Fan, W. and S. Stolfo, " Ensemble-Based Adaptive Intrusion Detection," Proceedings SIAM Int. Conference on Data Mining, Arlington, VA. 2002.
46. Fan, W., Lee, W.; Stolfo, S. and M. Miller, "A Multiple Model Cost-Sensitive Approach for Intrusion Detection" Eleventh European Conference on Machine Learning, 2000.
47. Feiertag, R., L. Benzinger, S. Rho, and S. Wu. "Intrusion Detection Intercomponent Adaptive Negotiation." Proceedings of the Second International Workshop on Recent Advances in Intrusion Detection, W. Lafayette, IN, 1999.
48. Forte, D. "Intrusion Detection Systems" login: 24, 1, 1999.
49. Frank, J., "Machine Learning and Intrusion Detection: Current and Future Directions." Proceedings of the Seventeenth National Computer Security Conference, Baltimore, MD, 1994.
50. Frincke, D., D. Tobin, and Y. Ho. "Planning, Petri Nets, and Intrusion Detection." Proceedings of Twenty-First National Information System Security Conference, Crystal City, VA, 1998.
51. Garvey, T. and T. Lunt. "Model-Based Intrusion Detection." Proceedings of the Fourteenth National Computer Security Conference, Washington, DC, 1991.
52. Ghosh, A. and A. Schwartzbard. "A study in using neural networks for anomaly and misuse detection." In Proceedings of the Eighth USENIX Security Symposium, 1999.
53. Graham, R., "FAQ: Network Intrusion Detection Systems," InfoWorld, Robert Graham. 1998-2000.
54. Gross, A., "Analyzing Computer Intrusions." Ph.D. thesis, University of California, San Diego, Department of Computer Sciences, San Diego, CA, 1997.
55. Habra, N., B. Le Charlier, and A. Mounji. "Advanced Security Audit Trail Analysis on UNIX: Implementation Design of the NADF Evaluator." Research report, Universitaires Notre Dame de la Paix, Namur, Belgium, 1993.
56. Habra, N., B. Le Charlier, and A. Mounji. "Preliminary Report on Advanced Security Audit Trail Analysis on UNIX." Universitaires Notre Dame de la Paix, Namur, Belgium, Research report, 1991.
57. th National Computer Security Conference, 1988.
58. Halme, L. and R.K. Bauer. "AINT Misbehaving - A Taxonomy of Anti-intrusion Techniques." Proceedings of the Eighteenth National Information Systems Security Conference, Baltimore, MD, 1995.
59. Heady, R., G. Luger, A.B. Maccabe, and M. Servilla. "The Architecture of a Network Level Intrusion Detection System." Technical report CS90-20, Department of Computer Science, University of New Mexico, Albuquerque, NM, 1990.
60. th National Computer Security Conference, 1992.
61. Heberlein, L., G. Dias, K. Levitt, B. Mukherjee, J. Wood and D. Wolber. "A Network Security Monitor." Proceedings of the IEEE Symposium on Research in Security and Privacy, 1990.
62. th National Computer Security Conference, 1991.
63. Heberlein, T., "Network Security Monitor (NSM) - Final Report." Lawrence Livermore National Laboratory, Davis, CA, 1995.
64. Heberlien, T., B. Mukherjee, K.N. Levitt; G. Dias and D. Mansur. "Towards Detecting Intrusions in a Networked Environment." Proceedings of the Fourteenth Department of Energy Computer Security Group Conference, 1991.
65. Helman, P. and G. Liepins. "Statistical Foundations of
66. Helman, P., G. Liepins, and W. Richards. "Foundations of Intrusion Detection." Proceedings of the Fifth Computer Security Foundations Workshop, Franconia, NH, 1992.
67. Hershkop, S., F. Apap, E. Glanz, T. D'alberti, E. Eskin, Sal Stolfo, and J. Lee. "Hobids: A data mining approach to host based intrusion detection." Technical report, CUCS, 2001.
68. Herve, D. "What is behavior-based intrusion detection?" IBM Zurich Research Laboratory. SANS Institute Resources, Intrusion Detection FAQ, 2000.
69. Hochberg, J., K. Jackson, C. Stallings, J.F. McClary, D. DuBois, and J. Ford. "NADIR: An Automated System for Detecting Network Intrusion and Misuse." Computers and Security 12, 3, 235-248, 1993.
70. Hofmeyer, S.A., S. Forrest, and A. Somayaji. "Intrusion detection using sequences of system calls," Journal of Computer Security, 6:151-180, 1998.
71. Hubbard, B., T. Haley, N. McAuliffe, L. Schaefer, N. Kelem, D. Wolcon, R. Feiertag and M. Schaefer. Computer System Intrusion Detection. Trusted Information Systems, Inc. TIS Report No.348, 1990
72. Ilgun, K. "USTAT - A Real-time Intrusion Detection System for UNIX." Master's Thesis, University of California at Santa Barbara, 1992.
73. Ilgun, K., R.A. Kemmerer, and P. Porras. "State Transition Analysis: A Rule-Based Intrusion Detection Approach." IEEE Transactions on Software Engineering 21, 3, 181-199, 1995.
74. Ilgun, K., R.A. Kemmerer, and P.A. Porras. "State transition analysis: A rule-based intrusion detection approach." IEEE Transactions on Software Engineering, 21, 3, 181-199,1995.
75. Ilgun, K. "USTAT: A Real-Time Intrusion Detection System for UNIX." Master thesis, University of California, Santa Barbara, CA, 1992.
76. Jackson, K. A., "Intrusion Detection System (IDS) Product Survey". Published by Distributed Knowledge Systems Team; Computer Research and Applications Group; Computing, Information and Communications Division; Los Alamos National Laboratory, Los Alamos, New Mexico, 1999.
77. Jackson, K., D. DuBois and C. Stallings. "A Phased Approach to Network Intrusion Detection." Proceedings of the United States Department of Energy Computer Group Conference, 1991.
78. th Department of Energy Computer Security Group Conference, Washington, DC, 1991.
79. Jackson, K., M.C. Neumann, D. Simmonds, C. Stallings, J. Thompson, and G. Christoph. "An Automated Computer Misuse Detection System for UNICOS." Proceedings of the Cray Users Group Conference, Tours, France, 1994.
80. Javitz, H. and A. Valdes, "The SRI IDES Statistical Anomaly Detector," Proc. IEEE Symposium on Security and Privacy, Oakland, CA, 1991.
81. Kim, G. and E. H. Spafford. "Tripwire: A Case Study in Integrity Monitoring." Internet Besieged: Countering Cyberspace Scofflaws, edited by Dorothy and Peter Denning, Addison-Wesley, 1997.
82. th Annual Computer Security Applications Conference, 134-144, 1994.
83. Kossakowski, P., "Responding to Intrusions." (CMU/SEI-SIM- 006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 1999.
84. Kumar, S. "Classification and Detection of Computer Intrusions." PhD Dissertation, Purdue University, W. Lafayette, IN, 1995.
85. Kumar, S. and E. Spafford. "A Pattern Matching Model for Misuse Intrusion Detection." Proceedings of the Seventeenth National Computer Security Conference, Baltimore, MD, 1994.
86. th National Information Security Conference, 194-204, 1995.
87. Lane, T. and C. Brodley. "An Application of Machine Learning to Anomaly Detection." Proceedings of the Twentieth National Information System Security Conference, Baltimore, MD, 1997.
88. Lane, T. and C. E. Brodley, "Sequence Matching and Learning in Anomaly Detection for Computer Security," AAAI Workshop: Approaches to Fraud Detection and Risk Management, 43-49, 1997.
89. Lankewics, L. and M. Benard. "Real-Time Anomaly Detection Using a Nonparametric Pattern Recognition Approach." Proceedings of the Seventh Computer Security Applications Conference, San Antonio, TX, 1991.
90. Lankewicz, L. and M. Bernard. "A Nonparametric Pattern Recognition Approach to Intrusion Detection." Technical report TUTR 90-106, Tulane University Department of Computer Science, New Orleans, LA, 1990.
91. Lee, W. "A Data Mining Framework for Constructing Features and Models for Intrusion Detection Systems." PhD Thesis, Columbia University, 1999.
92. Lee, W. and D. Xiang. "Information-theoretic measures for anomaly detection." In Proceedings of the 2001 IEEE Symposium on Security and Privacy, 2001.
93. Lee, W. and S. Stolfo, "Data Mining Approaches for Intrusion Detection" Proceedings, Seventh USENIX Security Symposium, San Antonio, TX, 1998.
94. Lee, W., and S.J. Stolfo. "Combining Knowledge Discovery and Knowledge Engineering to Build IDSs." Proceedings of the Second International Workshop on Recent Advances in Intrusion Detection, W. Lafayette, IN, 1999.
95. Lee, W., Miller, M., Stolfo, S. Jallad, K. Park, C. Zadok, E. and V. Prabhakar, " Toward Cost-Sensitive Modeling for Intrusion Detection" Columbia University Computer Science Technical Report CUCS-002-00, 2000.
96. Lee, W., Park, C. and S. Stolfo, " Towards Automatic Intrusion Detection using NFR" Proceedings 1st USENIX Workshop on Intrusion Detection and Network Monitoring, 1999.
97. Lee, W., S. Stolfo, K. Mok. "Mining Audit Data to Build Intrusion Detection Models.' Proceedings of the Fourth International Conference on Knowledge Discovery and Data Mining, 1998.
98. Lee, W., S. Stolfo, P.K, Chan, E. Eskin, W. Fan, M. Miller, S. Hershkop, J. Zhang. 'Real Time Data Mining-based Intrusion Detection.' Proceedings of DISCEX II, 2001.
99. Lee, W., S.J. Stolfo, and K Mok. 'Data mining in work flow environments: Experiences in intrusion detection.' Proceedings of the Conference in Knowledge Discovery and Data Mining, 1999.
100. Lee, W., S.J. Stolfo, and K. W. Mok. "A Data Mining Framework for Building Intrusion Detection Models." Proceedings of the Twentieth IEEE Symposium on Security and Privacy, Oakland, CA 1999.
101. Lee, W., S.J. Stolfo, and P.K. Chan. 'Learning patterns from Unix processes execution traces for intrusion detection." Proceedings of the AAAI-97 Workshop on AI Approaches to Fraud Detection and Risk Management, 50-56. Menlo Park, CA: AAAI Press, 1997.
102. Levitt, K. (ed.), "Proceedings of Workshop on Future Directions In Computer Misuse and Anomaly Detection." University of California, Davis, CA, 1992.
103. Liepins, G. and H.S. Vaccaro. "Anomaly Detection: Purpose and Framework." Proceedings of the Twelfth National Computer Security Conference, Washington, DC, 1989.
104. Liepins, G. and H.S. Vaccaro. "Intrusion Detection: Its Role and Validation." Computers and Security, 11, Oxford, UK: Elsevier Science Publishers, Ltd., 347-355, 1992.
105. Lindquist, U., and E. Jonsson, "How to Systematically Classify Computer Security Intrusions" Proceedings IEEE Symposium Research in Security and Privacy, Oakland, CA 1997.
106. Lippmann, R., J.W. Haines, D.J. Fried, J. Korba, K. Das. The 1999 DARPA Off-Line Intrusion Detection Evaluation. Computer Networks, 34, 579-595, 2000.
107. Lippmann, R.; Fried, D.; Graf, I.; Haines, J.; Kendall, K.; McClung, D.; Weber, D.; Webster, S.; Wyschogrod, D.; Cunninghan, R.; and M. Zissman, " Evaluating Intrusion Detection Systems: The 1998 DARPA Off-Line Intrusion Detection Evaluation," Proceedings DARPA Information Survivability Conference, 2000.
108. Lodin, S., "Intrusion Detection Product Evaluation Criteria," Ernst & Young LLP, Hyperlink: docshow.net/ids.htm, 1998.
109. Lundin, E. and E. Jonsson. "Privacy versus Intrusion Detection "Analysis." Proceedings of the Second International Workshop on Recent Advances in Intrusion Detection, W. Lafayette, IN, 1999.
110. Lunt, T. "Automated Audit Trail Analysis and Intrusion Detection: A Survey." Proceedings of the Eleventh National Computer Security Conference, Washington, DC, 1988.
111. Lunt, T. "A survey of intrusion detection techniques." Computers and Security, 12, 405-418, 1993.
112. Lunt, T. "Detecting intruders in computer systems." In Proceedings of the Conference on Auditing and Computer Technology, 1993.
113. Lunt, T. and R. Jagannathan. "A Prototype Real-Time Intrusion Detection Expert System." Proceedings of the 1988 IEEE Symposium on Security and Privacy, Oakland, CA, 1988.
114. Lunt, T., "Real-Time Intrusion Detection." Proceedings of COMPCON Spring '89, San Francisco, CA, 1989.
115. Lunt, T. "Knowledge-Based Intrusion Detection." Proceedings of the AI Systems in Government Conference, Washington, DC, 1989.
116. Lunt, T., Tamaru, F. Gilham, R. Jagannathan, P. Neumann, H. Javitz, A. Valdes, and T. Garvey. "A real-time intrusion detection expert system (IDES) - final technical report." Computer Science Laboratory, SRI International, Menlo Park, California, 1992.
117. Mahoney, M. and P. Chan. "Detecting novel attacks by identifying anomalous network packet headers." Technical Report CS-2001-2, Florida Institute of Technology, Melbourne, FL, 2001.
118. Mahoney, M., "Computer Security: A Survey of Attacks and Defenses" Hyperlink: docshow.net/ids.htm, 2000.
119. Maiwald, E., "Automating Response to Intrusions." The Fourth Annual UNIX and NT Network Security Conference. Orlando, FL: The SANS Institute, 1998.
120. Mandanaris, S., M. Christensen, D. Zerkle, and K. Hermis. "A Data Mining Analysis of RTID Alarms." Proceedings of the Second International Workshop on Recent Advances in Intrusion Detection, W. Lafayette, IN, 1999.
121. Mansfield, G. K. Ohta, Y. Takei, N. Kato, and Y. Nemoto. "Towards Trapping Wily Intruders in the Large." Proceedings of the Second International Workshop on Recent Advances in Intrusion Detection, W. Lafayette, IN, 1999.
122. Marceau, C. "Characterizing the behavior of a program using multiple-length n-grams." In Proceedings of the New Security Paradigms Workshop, 2000.
123. Marchette, D. "Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint." Springer Verlag, 2001.
124. Mark, G. "Intrusion Detection," Software Technology Review, Software Engineering Institute. Carnegie Mellon University, 2000.
125. McAuliffe, N., D. Wolcott, L. Schaefer, N. Kelem, B. Hubbard, and T. Haley. "Is Your Computer Being Misused? A Survey of Current Intrusion Detection Technology." Proceedings of the Sixth Annual Computer Security Applications Conference, Tucson, AZ, 1990.
126. McConnell, J., D.A. Frincke, D. Tobin, J. Marconi, and D. Polla. "A Framework for Cooperative Intrusion Detection." Proceedings of Twenty-First National Information System Security Conference, Crystal City, VA, 1998.
127. Me' L. "GASSATA, a Genetic Algorithm as an Alternative Tool for Security Audit Trails Analysis." First International Workshop on the Recent Advances in Intrusion Detection, Louvain-la-Neuve, Belgium, 1998.
128. Me, Ludovic. "Security Audit Trail Analysis Using Genetic Algorithms." Proceedings of the Twelfth International Conference on Computer Safety, Reliability, and Security, Poznan, Poland, 1993.
129. Mell, P. and M. McLarnon. "Mobile Agent Attack Resistant Distributed Hierarchical Intrusion Detection Systems." Proceedings of the Second International Workshop on Recent Advances in Intrusion Detection, W. Lafayette, IN, 1999.
130. Miller, M. "Learning Cost-Sensitive Classification Rules for Network Intrusion Detection Using RIPPER." Technical Report CUCS-035-99, Columbia University, 1999.
131. MIT Lincoln Labs. 1999 DARPA intrusion detection evaluation. In http://www.ll.mit.edu,1999.
132. Moitra, A., "Real-Time Audit Log Viewer and Analyzer." Proceedings of the Fourth Workshop on Computer Security Incident Handling, Denver, CO, 1992.
133. Mounji, A. "Languages and Tools for Rule-Based Distributed Intrusion Detection." Thesis, Faculte's Universitaires Notre-Dame de la Paix, Namur, Belgium, 1997.
134. Mukherjee, B.; Heberlein, L. T. and K.N Levitt. "Network Intrusion Detection," IEEE Network, 8, 3, 26-41, 1994.
135. Neumann, P. G., and P. A. Porras "Experience with EMERALD to Date", SRI International, 1st USENIX Workshop on Intrusion Detection and Network Monitoring. Santa Clara, California, 73-80, 1999.
136. Neumann, P. G. and D.B. Parker. "A Summary of Computer Misuse Techniques." Proceedings of the Twelfth National Computer Security Conference, 1989.
137. Northcutt, S., "What is Network Based Intrusion Detection?" SANS Institute. SANS Institute Resources, Intrusion Detection FAQ, Hyperlink: ID FAQ, 2000.
138. Northcutt, S. "Network Intrusion Detection: An Analyst's Handbook." Indianapolis, IN: New Rider, 1999.
139. Northcutt, S. "What the Hackers Know about You." SANS Institute. SANS Institute Resources, Intrusion Detection FAQ, Hyperlink: ID FAQ, 1999.
140. Ong, T.H., C.P. Tan, Y.T. Tan, C.K. Chew, and C. Ting. "SNMS - Shadow Network Management System." Proceedings of the Second International Workshop on Recent Advances in Intrusion Detection, W. Lafayette, IN, 1999.
141. Panagiotis, A. "Intrusion Detection Systems". Daemon News. May 1999.
142. th USENIX Security Symposium, San Antonio, TX, 1998.
143. Paxson, V. and M. Handley. "Defending Against Network IDS Evasion." Proceedings of the Second International Workshop On Recent Advances in Intrusion Detection, W. Lafayette, IN, 1999.
144. Piccioto, Jeffrey. "The Design of an Effective Auditing Subsystem." Proceedings of the 1987 IEEE Symposium on Security and Privacy, Oakland, CA, 1987.
145. Pichnarczyk, K.; Weeber, S.; and Feingold, R. "Unix Incident Guide: How to Detect an Intrusion." (CIAC-2305 R.1) Lawrence Livermore National Laboratory, Department of Energy Computer Incident Advisory Capability, 1994.
146. Porras, P. "STAT, A State Transition Analysis Tool for Intrusion Detection." Master thesis, Computer Science Department, University of California, Santa Barbara, CA, 1992.
147. Porras, P. and P.G. Neumann. "Emerald: Event monitoring enabling responses to anomalous live disturbances." National Information Systems Security Conference, Baltimore, MD, 1997.
148. Porras, P. and R.A. Kemmerer. "Penetration State Transition Analysis: A Rule-Based Intrusion Detection Approach." Proceedings of the Eighth Annual Computer Security Applications Conference, San Antonio, TX, 1992.
149. Portnoy, L., Eleazar Eskin, and Salvatore J. Stolfo. "Intrusion detection with unlabeled data using clustering." Proceedings of ACM CSS Workshop on Data Mining Applied to Security, 2001.
150. Price, Katherine E. "Host-Based Misuse Detection and Conventional Operating Systems' Audit Data Collection." Master thesis, Purdue University, W. Lafayette, IN, 1997.
151. Proctor, P.E. "Practical Intrusion Detection Handbook." Prentice Hall, 2000.
152. Puketza, N., K. Zhang, M. Chung, B. Mukherjee, and R.A. Olsson. "A Methodology for Testing Intrusion Detection Systems." IEEE Transactions on Software Engineering 22,10, 719-729, 1996.
153. Puketza, N., M. Chung, R.A. Olsson, and B. Mukherjee. "A Software Platform for Testing Intrusion Detection Systems" IEEE Software 14, no. 5, 43-51, 1997.
154. Reavis, J., "Do you have an intrusion detection response plan?" Network World Fusion, September 13, 1999.
155. Roesch, M. "Snort - lightweight intrusion detection for networks." Proceedings of Lisa '99, 1999.
156. Samfat, D. and R. Molva, "IDAMN: An Intrusion Detection Architecture for Mobile Networks", IEEE Journal on Selected Areas in Communications, 15, 7,1997.
157. SANS Institute Resources, "What is the role of a file integrity checker like Tripwire in intrusion detection?" SANS Institute Resources, Intrusion Detection FAQ, 2000.
158. Scambray, J.; McClure, S. and J. Broderick, "Network intrusion-detection solutions", InfoWorld, May 4, 1998. InfoWorld Corporation. 1998.
159. Schneier, B. Secrets and lies: Digital Security in a Networked World. John Wiley, New York, NY 2000.
160. th National Computer Security Conference, 1988.
161. Seleznyov, A., and S. Puuronen. "Anomaly Intrusion Detection Systems: Handling Temporal Relations Between Events." Proceedings of the Second International Workshop on Recent Advances in Intrusion Detection, W. Lafayette, IN, 1999.
162. Sherif, J.; R. Ayers and T. Dearmond. "Intrusion Detection," OMEGA, March. 2002
163. Shieh, S. and V.D. Gligor. "A Pattern-Oriented Intrusion Detection Model and Its Applications." Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy, Oakland, CA, 1991.
164. Shimomura, T., Takedown. "The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw - By the Man Who Did It." New York, Hyperion, 1996.
165. Sibert, W. Olin. "Auditing in a Distributed System: SunOS MLS Audit Trails." Proceedings of the Eleventh National Computer Security Conference, Washington, DC, 1988.
166. Simonian, R., "A Neural Network Approach Towards Intrusion Detection." Proceedings of the Thirteenth National Computer Security Conference, Washington, DC, 1990.
167. th Annual Computer Security Applications Conference, 1999.
168. Slatalla and J. Quittner, Masters of Deception: The Gang That Ruled Cyberspace. Harper, New York, NY. 1996.
169. Smaha, S. and S. Snapp. "Method and System for Detecting Intrusion into and Misuse of a Data Processing System." US555742, U.S. Patent Office, September 17, 1996.
170. Smaha, S. E. "Haystack: An Intrusion Detection System." Proceedings Fourth Aerospace, Orlando, Florida, 1988.
171. Snapp, S., J. Brentano, G. Dias, T. Goan, T. Grance, T. Heberlein, C. Ho, K. Levitt, B. Mukherjee, D. Mansur, K. Pon, and S. Smaha. "A System for Distributed Intrusion Detection." Proceedings of COMPCON Spring '91, San Francisco, CA, 1991.
172. Sobirey, M., B. Richter, and H. Konig. "The Intrusion Detection System AID: Architecture, and Experiences in Automated Audit Analysis." Proceedings of the IFIPTC6/TC11 International Conference on Communications and Multimedia Security, Essen, Germany, 1996.
173. Spitzner, L. Know Your Enemy: Revealing the Security Tools, Tactics and Motives of the Blackhat Community. Addison Wesley Pub. 2001.
174. Staniford, S-Chen; S.Cheung; R. Crawford; M. Dilger; J. Frank, J. Hoagland; K. Levitt; C. Wee; R.Yip and D. Zerkle, "GrIDS - A Graph-Based Intrusion Detection System for Large Networks" The 19th National Information Systems Security Conference, Baltimore, MD, 1996.
175. Staniford-Chen, S., B. Tung, and D. Schnackenberg. "The common intrusion detection frame-work (CIDF)." In Proceedings of the Information Survivability Workshop, 1998.
176. Sterling, B., "The Hacker Crackdown." New York, Bantam. 1992.
177. Stolfo, S.J., W. Fan, W. Lee, A. Prodromidis, P. Chan. "Cost-based Modeling for Fraud and Intrusion Detection: Results from the JAM Project." Proceedings of the 2000 DARPA Information Survivability Conference and Exposition, 2000.
178. Stoll, C., "The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage," New York: Pocket Books. 1990.
179. Sundaram, A., "An Introduction to Intrusion Detection", Crossroads: The ACM Student Magazine,2,4,1996, Hyperlink: acm.org/Crossroads, 1996.
180. Tener, W. "AI and 4GL: Automated Detection and Investigation and Detection Tools." Proceedings of the IFIP Security Conference, Sydney, Australia, 1988.
181. Tener, W. "Discovery: An Expert System in the Commercial Data Security Environment." Proceedings of the IFIP Security Conference, Monte Carlo, 1986.
182. Teng, H.S., K. Chen and S. C. Lu. "Security Audit Trail Analysis Using Inductively Generated Predictive Rules." Proc. 11th National Conference on Artificial Intelligence Applications, 24-29, IEEE Service Center, Piscataway, NJ, 1990.
183. Teng, H.S., K. Chen, and S.C.Lu. "Adaptive Real-Time Anomaly Detection Using Inductively Generated Sequential Patterns." Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy, Oakland, CA, 1990.
184. Ting, Christopher, T.H. Ong, Y.T. Tan, and P.Y. Ng. "Intrusion Detection, Internet Law Enforcement, and Insurance Coverage to Accelerate the Proliferation of Internet Business." Proceedings of the Second International Workshop on Recent Advances in Intrusion Detection, W. Lafayette, IN, 1999.
185. Toxen, B. "Real World Linux Security: Intrusion Prevention, Detection, and Recovery." Prentice Hall, 2000.
186. TRW Defense Systems Group. "Intrusion Detection Expert System Feasibility Study." Final report 46761, 1986.
187. Tsudik, G. and R. Summers. "AudES - "An Expert System for Security Auditing." Proceedings of the AAAI Conference on Innovative Applications in AI, San Jose, CA, 1990
188. reprinted in Computer Security Journal 6,1, 89-93, 1990.
189. Vaccaro, H. S.; and G. E. Liepins, "Detection of anomalous computer session activity," Proceedings Symposium on Research in Security and Privacy, Oakland, CA, 1989.
190. Valcarce, E.M., G.W. Hoglund, L. Jansen, and L. Baillie. "ESSENSE: An Experiment in Knowledge-Based Security Monitoring and Control." Proceedings of the Third USENIX Unix Security Symposium, Baltimore, MD, 1992.
191. Vert, G., D.A. Frincke, and J. McConnell. "A Visual Mathematical Model for Intrusion Detection." Proceedings of Twenty-First National Information System Security Conference, CrystalCity, VA, 1998.
192. Warrender, C., S. Forrest, and B. Pearlmutter. "Detecting Intrusions Using System Calls: Alternative Data Models." Proc. of the IEEE Symposium on Security and Privacy, 133-145. IEEE Computer Society, 1999.
193. Wee, C. "LAFS: A Logging and Auditing File System." Proceedings of the Eleventh Computer Security Applications Conference, New Orleans, LA, 1995.
194. Wee, C., "Policy-Directed Auditing and Logging." Ph.D. thesis, University of California, Davis, CA, 1996.
195. Weiss, W. and A. Baur. "Analysis of Audit and Protocol Data Using Methods from Artificial Intelligence." Proceedings of the Thirteenth National Computer Security Conference, Washington, DC, 1990.
196. Wetmore, B. "Audit Browsing." Master thesis, University of California, Davis, CA 1993.
197. White, G., E.A. Fisch, and U.W. Pooch. "Cooperating Security Managers: A Peer-Based Intrusion Detection System." IEEE Network 10,1, 20-23, 1996.
198. Winkler, J. "Intrusion and Anomaly Detection: ISOA."
199. th National Computer Security Conference, October 1990.
200. Winkler, J. and W. J. Page, "Intrusion and Anomaly Detection in Trusted Systems," Proceedings of the Fifth Annual Computer Security Applications Conference, Tucson, AZ., 1989.
201. Wood, M. "Intrusion Detection Exchange Format Requirements." Internet draft, Internet Engineering Task Force, 1999.
202. Ye, N. "A Markov chain model of temporal behavior for anomaly detection." Proceedings of the IEEE Systems, Man, and Cybernetics Information Assurance and Security Workshop, 2000.
203. Yip, R. and K. Levitt. "Data Level Inference Detection in Database Systems." Proceedings of the Eleventh IEEE Computer Security Foundations Workshop, Rockport, MA, 1998.
204. Yuill, K., S.F. Wu, F. Gong, and M-Y. Huang, "Intrusion Detection for an Ongoing Attack." Proceedings of the Second International Workshop on Recent Advances in Intrusion Detection, W. Lafayette, IN, 1999.
205. Zamboni, D. and E. Spafford. "New Directions for the AAFID Architecture." Proceedings of the Second International Workshop on Recent Advances in Intrusion Detection, W. Lafayette, IN, 1999.
206. Zamboni, D. "SAINT: A Security Analysis Integration Tool." Systems Administration, Networking and Security (SANS) Conference, Washington, DC, 1996.
207. Zerkle, D. and K. Levitt. "NetKuang - A Multi-Host Configuration Vulnerability Checker." Proceedings of the Sixth USENIX Security Symposium, San Jose, CA, 1996.
208. Zirkle, L., "What is host-based intrusion detection?" Virginia Tech CNS. SANS Institute Resources, Intrusion Detection FAQ, Hyperlink: ID FAQ, 2000.